<?php
class DigUser_Plugin_Acl extends Zend_Controller_Plugin_Abstract
{
    /**
     * validate the current user's request
     *
     * @param zend_controller_request $request
     */
    public function preDispatch (Zend_Controller_Request_Abstract $request)
    {
        // fetch the current user
        $currentUser = DigUser_Service_User::current();
        if ($currentUser) {
            $role = strtolower($currentUser->role);
        } else {
            $role = 'guest';
        }
        $module = $request->module;
        $controller = $request->controller;
        $action = $request->action;
        if (! DigUser_Service_User::isAllowed($role, $module, $controller, $action)) {
            if ($role == 'guest') {
                $request->setModuleName('digUser');
                $request->setControllerName('account');
                $request->setActionName('login');
            } else {
                throw new DigUser_Exception('You are not authorized to access this resource');
            }
        }
    }
}